CVE-2023-24516 MEDIUM

CVE-2023-24516: Stored Cross Site Scripting - Special Days Module

Vendor Artica Pfms

Product Pandora FMS

Weakness CWE-79 · XSS

Published August 22, 2023

Last update September 6, 2024

View on NVD All CVEs

CVSS base score

5.9/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms.

Key dates

02Disclosure timeline

August 22, 2023 CVE published

September 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-24516 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-40656 Extension - plasma-web.ru - Reflected XSS in Quickform component for Joomla 1.0.0-3.3.01 CVE-2026-26195 Gogs: Stored XSS in branch and wiki views through author and committer names CVE-2022-1458 Stored XSS Leads To Session Hijacking in openemr/openemr CVE-2024-24838 WordPress Five Star Restaurant Reviews Plugin <= 2.3.5 is vulnerable to Cross Site Scripting (XSS) CVE-2023-37893 WordPress Coming Soon Chop Chop Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS)